Beginning Assembly, Part 2 The Assembling!

Beginning Assembly, Part 2 The Assembling!

Beginning Assembly, Part 2 The Assembling!. Poorly Presented by Gleep. Dicks. How does Dicks work? Zenity dependancy Pushes text params onto the stack Stores mem addresses of params in registers

Beginning Assembly, Part 2 The Assembling!

### Beginning Assembly, Part 2The Assembling!

Poorly Presented by

Gleep

Dicks
• How does Dicks work?
• Zenitydependancy
• Pushes text params onto the stack
• Stores mem addresses of params in registers
• Calls execve to start Zenity and passes regs to Zenity with params for pop-up text box
Binary Coded Decimal
• Represents a decimal number by coding each digit in binary
• Unpacked BCD is one byte per digit
• 00000011 00000100 00001001
• 3 4 9
• Packed BCD is one byte per two digits
• 00100100 10010001
• 2 4 9 1
Floating Point Maths
• Floating point ops use special registers ST(0) thru ST(7)… 80 bit registers for data
• 1 - 16 bit control register
• 1 - 16 bit status register
• 1 - 16 bit tag register to describe contents of data regs
• 1 - 48 bit FIP register for next floating point op
• 1 - 48 bit FDP FPU data pointer
• 1 - 11 bit Opcode register
Floating Point Reg Ops
• The floating point registers act as a stack. ST(0) is top of stack.
• Fldsrc – loads 80 bit src onto FP stack
• Fstdst – moves top of FP stack into dst
• Info all will show all FP and SSE registers
Floating Point Maths

((55.24 / 31) + (83.11 * 2.4)) / ((14.35 * 9) – (251.5 / 77.62)) = OMGLOLWUT?!?!

Single Instruction Multiple Data
• Aka – MMX, SSE, 3DNow!
• MMX aliases the 8 FPU data regs as MM0-7 for 64 bit packed integers
• SSE includes 8 new 128 bit regs XMM0-7 for 128 bit packed integers and floating point data
• Useful for processing large amounts of data with one instruction
SIMD Continued
• MMX regs can store 8x8 bit byte ints, 4x16 bit word ints, or 2x32 bit double word ints
• Movqsrc, dst – where dst is %mm0-7
• SSE regs can store 16x8 bit byte packed ints, 8x16 bit word packed ints, 4x32 bit double word packed ints, or 2x64 bit quad word ints
• Movdqusrc, dst – moves unaligned data into %xmm0-7
• Movdqasrc, dst – moves aligned data. Using this with unaligned data will throw an error.
SIMD Continued
• This was supposed to be a meaningful slide but then I got bored with SIMD.
• Research it yourself if you need to code it in natively.
C structures in ASM
• For Loops
• If/Then
• While
• Switch
Using C Libraries in Asm
• When using C functions in asm, need to link in C libraries containing the functions
• Ld –dynamic-linker /lib/ld-linux.so.2 –o -lx - where x is /lib/libx.so
• /lib/ld-linux.so.2 is a dynamic loader
• -lc option would link to /lib/libc.so
Compiling Asm with GCC
• Gcc –o
• Must change _start label to main
Unconditional Branching
• JMP
• 3 types… Short, Near, Far
• Equivalent of Goto:
• Short JMP is less that 128 bytes
• Far JMP is to another code segment
• Near JMP is everything else
• Takes one memory label as a parameter
• Call
• Equivalent to function call in C
• Call pushes EIP to stack
• Call returns to main with the RET command
Unconditional Branching Cont’d
• Interrupt
• Hardware – used for I/O functions
• Software
• Used for accessing kernel functions
• In Linux, uses Interrupt 0x80
• In Windows, uses Interrupt 0x21
• Parameters in registers determine which function is being called with what parameters
• Ex: MOVL \$1, %EAX
• MOVL \$0, %EBX
• INT \$0x80
Conditional JMPs
• JZ
• JNZ
• JGE
• JLE
• There’s a bunch of em… use the Googles
Function Calls
• .type , @function
• :
• Ret
• Call
• Functions can be defined anywhere within asm file
• Return values can be returned in regs or global vars
• Can put functions in separate file, just add .globl statement after .type statement, and add function object file to linker statement
Function Prologue and Epilogue

Prologue

• Function:
• Pushl %ebp
• Movl %esp, %ebp
• Subl \$8, %esp
• Epilogue
• Movl %ebp, %esp
• Popl %ebp
• Ret
Enter and Leave
• Enter #bytes – used to perform function call prologue
• Leave – used to perform function call epilogue
EBP
• Main Process executes

ESP

• Main Process calls New Function
• Call places RET addr on stack
• Prologue pushes EBP to stack
• Prologue sets EBP to ESP
• Prologue decrements ESP to make room for variables
• New Function executes
• Epilogue sets ESP to EBP
• Epilogue pops old EBP from stack
• RET pops old RET address to EIP
• Main Process resumes
System Calls
• Can be found in /usr/include/asm/unistd.h
• Look up the needed input and return values in man 2
• Can use strace to see background syscalls when running a program
• Strace –p will attach strace to a running process
• Use man 3 to see C function calls
Inline Assembly
• You can embed assembly within C programs
• Asm ( “code goes here”);
• Must enclose the code in quotes
• Can use the “volatile” keyword to tell compiler not to optimize it
• Must use \n newline char if embedding more than one command
• If coding ANSI C, use __asm__ instead
• Asm ( “movl \$1, %eax\n\t”

“movl \$0, %ebx\n\t”

“int \$0x80”);

Calling Libraries
• If using asm libraries in C code, add the asm files onto compile statement
• Gcc –o testprogtestprog.c func1.s func2.s
• Can also assemble code into object file then add the object file to gcc
Making Libraries
• Can create a static library using the Ar command to add object files into an archive
• Static library name syntax Libx.a
• Ar r libmyfunc.a func1.o func2.o func3.o
• Can see what is contained in a library using nm command
• Nm –s libmyfunc.a
• Compile by including the libx.a file on gcc command
Making shared libraries
• Shared library name syntax libx.so.
• Create shared library with –shared option on gcc
• Gcc –shared –o libmyfunc.so.1 func1.o func2.o func3.o
• To compile using shared library, in same dir as program file use –L. option
• Gcc –o testfunc –L. –lmyfunctestfunc.c
Using shared libraries
• The dynamic loader must know where to find any libraries needed for program function
• Change LD_LIBRARY_PATH environment variable
• Export LD_LIBRARY_PATH= “\$LD_LIBRARY_PATH:.”
• Or change the /etc/ld.so.conf file
• After adding path to ld.so.conf, must run ldconfig as root